There’s this stupid joke in a Discord server I’m on that goes:
“what does it take to make a blockchain look stupid? …a smart contract”.
I find the joke appalling but I guess that’s just me. Maybe because I have an above average understanding of DeFi products and platforms; maybe because I happen to know how bad it is to get hacked and lose your money—or worse, money belonging to a group of people who put their faith and trust in you.
In a previous article where i introduced DeFi, I tried to explain the beauty of DeFi, its origins and the few ways it can *not just* come in handy, but also support us as individuals and businesses. Then barely 30 days after, I see an article from Blockworks saying that Wormhole, a blockchain bridge, was hacked and robbed off $320m. It’s an insane feat to achieve considering how blockchain, DeFi and crypto evangelists preach about how safe and secure transactions on exchanges can be yet they are losing entire startup valuations in under 30 minutes due to a minor smart contract oversight.
I would absolutely love to be present during their investor/team update meeting on crisis management. I want to see the faces of everyone and wonder if they are still human because I can only imagine what its like for them. So in the spirit of imagination let’s explore in no particular order, the curious concerns many of you may have with regards to the recent cases of hacks in the decentralized world.
First off, this is the second biggest hack in all of DeFi. It’s good and it’s bad.
Good: because it means the more we see these loopholes now the more we can address such problems and others like it.
Bad: because as we all know, once something has worked on a large scale two times, it most likely will have a third. Why? Third time is the charm, they say.
Now it seems stupid but how possible is it to outsmart a smart contract? If you look deeper, you’d see that Wormhole is a blockchain bridge—a platform that operates on a combination of programs called “smart contracts”, that allow two or more blockchains to operate with each other and permit transactions between them.
It’s like being the board man at a card game. Wormhole merely shares the cards and takes a cut from the dealings between players. They neither own the cards, the playing board, nor the game itself.
So think of the popular blockchains you know: Terra, Polygon, Ethereum, Solana and Polkadot. On a normal day, you cannot send coins from your Ethereum wallet to your Solana wallet because they are not compatible, and compatibility is crucial in DeFi. To solve this problem Wormhole, as a blockchain bridge will then ask you how many ETH do you want to convert to SOL and then proceed to take your ETH and give you market rate equivalent in SOL.
Naturally these things have solid security protocols that prevent them from fraud cases like this but yet it happened. Just like the DataDAO hack where everyone who had their wallets with the DAO lost all their money in there. It begs the question: is your crypto really safe? Because almost everyone has been hacked at this point: Centralized Exchanges like Binance and KuCoin have suffered hacks, DAOs have suffered hacks, there’s an interesting rise in MetaMask wallet hacks as well. Everyone everywhere is getting bitten. Now consider this perspective: if an avid crypto enthusiast who watches from the sidelines as these events unfold, were to seek solace in maybe just one part of crypto/web3 will they find it?
DeFi: hack
Wallets: hack
CEX: hack
DEX: hack
DAO: hack
As always, I’d like to point out these thoughts are not mine but that of a number of individuals who have raised concerns. While personally I do think I’m piling up negatives here I also believe it’s important someone plays devils advocate even though with a bit of research it is very clear that security breaches in crypto/web3 are being patched up almost immediately as they are noticed. Unlike these cases.
On a final note: it is high key that we understand the tenets of web3:
- most of your security is yours to handle, it is very likely nobody will do that for you.
- breaches happen more often than you think—they also get fixed just as quick.
- DYOR (doing your own research) saves you half the stress of getting hacked, the rest is between you and God.
- web3 (DeFi, crypto, the metaverse, NFTs) is still a VERY new industry, in human terms we’re barely old enough for kindergaten so brace for impact.
- lastly, be patient with the platforms you use; they’re people too.
That being said, wagmi.